On that note, I am sure a lot of you use ssh keys.
Do you password protect them?
What about keys used for automated server administration tasks? Surely you can't password protect those. (Do you see the init process typing in a password? ;)
I think USER-CENTRIC KEY MANAGEMENT will be a big trend in the coming years. Not just for key management, but for login to any web service.
Imagine a future where all the "social network" does is transfer opaque encrypted packets from one place to another. The User, with his "keychain" (held on his machine) can browse the "social network" from anywhere and decrypt the messages intended for him.
Using current technology it would be quite inefficient: sharing a new photo would mean encrypting a copy for each of my friends thus transferring an order of magnitude more traffic.
Perhaps new crypto is needed?
Maybe we use AES for the data and send an auxiliary crypto header with 100 copies of the AES key encrypted for each of the 100 friends you wanted to share the picture with.
Research plug: Stefan Brands has invented a very cool upgrade to the basic public-key signature schemes. His protocols allow for "partial disclosure" of only certain parts of a certificate signed by a third party.
(unlike the current sertif. schemes in which I have to show you my entire certificate cleartext so you can hash to check the signature)
On that note, I am sure a lot of you use ssh keys. Do you password protect them? What about keys used for automated server administration tasks? Surely you can't password protect those. (Do you see the init process typing in a password? ;)
I think USER-CENTRIC KEY MANAGEMENT will be a big trend in the coming years. Not just for key management, but for login to any web service.
Imagine a future where all the "social network" does is transfer opaque encrypted packets from one place to another. The User, with his "keychain" (held on his machine) can browse the "social network" from anywhere and decrypt the messages intended for him.
Using current technology it would be quite inefficient: sharing a new photo would mean encrypting a copy for each of my friends thus transferring an order of magnitude more traffic. Perhaps new crypto is needed? Maybe we use AES for the data and send an auxiliary crypto header with 100 copies of the AES key encrypted for each of the 100 friends you wanted to share the picture with.
Research plug: Stefan Brands has invented a very cool upgrade to the basic public-key signature schemes. His protocols allow for "partial disclosure" of only certain parts of a certificate signed by a third party. (unlike the current sertif. schemes in which I have to show you my entire certificate cleartext so you can hash to check the signature)
He has a free book on the theory: http://www.credentica.com/the_mit_pressbook.html
His company Credentica was acquired by Microsoft and I think he is leading the team there to make this idea practical.